Perhaps try it with a Cleartext-Password in the "users" file. i.e.
*Without* using ntlm_auth. That works for me, including with
eapol_test, and TTLS/EAP-MSCHAPv2.
Can you clarify this setup/change to test? I was pretty sure I needed
to use ntlm_auth to auth against AD to test mschapv2
Put a test user in the "users" file:
test Cleartext-Password := "blah", MS-CHAP-Use-NTLM-Auth := 0
If that still fails, then there's something wrong with the system
that breaks the server in 2.0.5.
Running Samba 3.2.0 on Fedora 9
Your problem is very odd. I'm using 2.0.5 on RHEL5 with ntlm_auth and
it's working fine.
The only time I've seen eapol_test fail with "mismatch" is when I've
failed to strip the DOMAIN\ or @DOMAIN.COM from usernames with realms
and this has confused the key hashing - but your usernames are
unadorned.
Perhaps the Samba version in F9 has problems? What OS and samba version
is your (working) 1.1.7 server running?
FYI: Unknown network block for the CA_CERT with regards to the eapol
test config file
What does that mean?
Within the config you provided for eapol_test at the bottom is a
ca_cert declaration that errors out when uncommented
Anyone using FC9 with freeradius 2.0.5 against AD working that I can use
to compare?
Thanks much appreciated
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html